Con Watch: Is Your SIM Card Safe?

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

What Is a SIM Card?

A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate you on your cell phone. The SIM card is able to be transferred between different devices, and often is, such as when you get a new phone but keep the same cell phone number.

What Is the Danger?

If identity thieves take over your SIM card, they can control your email and any other accounts you access through your cell phone, such as Amazon, eBay, PayPal and Netflix. Even more worrisome, criminals can also intercept security codes sent by text message as part of dual factor authentication, which is often used to verify your identity for more secure transactions, such as online banking. The thief now has the opportunity to empty your bank accounts and cause financial havoc. They can easily reset your password on any online accounts that you have that are tied to your cell phone number. If that weren’t bad enough, they now also have access to any personal information, such calls or texts, that could potentially be used to blackmail you.

How Do They Get Your SIM Card Information?

A criminal calls your phone carrier claiming to be you and telling them your phone has been lost or damaged. Then they ask the carrier to transfer or swap your SIM card to a new phone controlled by the criminal. This is known as SIM card swapping.In another type of scam known as porting, the thief calls your carrier, saying they want to transfer the phone number to a new company.

In order for the scam to work, the identity thief needs to have personal information about you so that when they call your carrier, they can impersonate you effectively. They are quite adept at contacting victims by email or telephone and getting them to supply Social Security numbers by posing as a legitimate company or agency. Even if one is cautious about giving out personal information, it can often be bought on the Dark Web thanks to all of the recent corporate data breaches, including those at Marriott, Equifax, and Facebook.

Recently, Sydney, Australia police charged a man with involvement in a conspiracy where criminals took over the mobile phone accounts of 70 people and gained access to their bank accounts, using them to purchase more than $100,000 in goods. It was estimated that this type of crime cost Australians at least $10 million in the last year.

In February, 20-year-old college student Joel Ortiz became the first American to be convicted of crimes related to SIM swapping. Ortiz was sentenced to ten years in prison for hacking into the online Bitcoin wallets of his victims, stealing more than $5 million in Bitcoin.

How Do You Protect Yourself?

The best thing you can do to protect your SIM card from porting or swapping is to set up a PIN or password for access to your mobile service provider account. This will help prevent a criminal from calling your carrier posing as you.

AT&T will allow you to set up a passcode for your account that is different from the password that you use to log into your account online. Without this passcode, AT&T will not swap your SIM card.

Verizon enables customers to set up a PIN or password to be used for purposes of authentication when they contact a call center.

T-Mobile will allow you to set up a passcode that is different from the one you use to access your account online. This code will not only protect you from criminals attempting to call T-Mobile and swap your SIM card, but will also prevent someone with a fake ID from making changes to your account at a T-Mobile store.

Sprint customers can establish a PIN that must be provided when doing a SIM swap.

Remember to never provide personal information in response to an email, phone call or text. You can never be sure who is really contacting you. If you think the communication might be legitimate, contact the real company or agency directly using a phone number or address that you know is accurate in order to confirm whether or not the original contact was legitimate.

These simple steps can help protect you from becoming a victim of SIM swapping.

Featured image: